Privacy policy
Last updated: [date]
Where WellFirst stands today
WellFirst is under development and not yet open to the public. The current site only offers a waitlist: no account, check-in, or health data is collected at this stage. This policy will be updated before the application launches to detail the processing of check-in data (health data under GDPR).
Data collected today
The only personal data collected on the site is the email address you voluntarily provide when joining the waitlist.
Purpose of processing
This email address is used exclusively to:
- Notify you when the application launches
- Respond to your requests if you contact us
Legal basis
Processing is based on your consent (Art. 6.1.a GDPR), given by submitting the waitlist form.
Sub-processors and technical providers
We rely on the following providers, each acting as a sub-processor:
- Vercel — website hosting and delivery
- Supabase — storage of waitlist email addresses and, eventually, the application's database
- Sentry — technical error and crash monitoring (no health or payment data)
- RevenueCat — eventually, subscription management for the application; payments themselves are processed directly by Apple's App Store and Google Play Store, WellFirst does not store any payment card data
Data retention
Your email address is kept until the application launches or until you unsubscribe, whichever comes first. You may request its deletion at any time.
Your rights
Under GDPR, you have the following rights:
- Access: obtain a copy of your data
- Rectification: correct inaccurate data
- Erasure: request deletion of your data
- Portability: receive your data in a structured format
- Objection: object to processing
- Withdraw consent at any time
To exercise your rights, contact us at hello@wellfirst.app
Security
We rely on established providers (Vercel, Supabase) that implement technical and organizational security measures to protect your data against unauthorized access, alteration, disclosure, or destruction.